Any endeavor that makes money quickly draws the attention of fraudsters and thieves, and videogames are no exception. Since their inception and introduction to the consumer market, videogames have been the target of theft, piracy, illegal distribution… But the evolution of the digitized entertainment and its major shift toward online gaming has also changed the way it is being targeted, who it is being targeted by, and the people who are suffering the consequences.
Unfortunately, these changes aren’t being recognized and embraced by developers and publishers. As well, gamers are lacking the required vigilance and awareness that will enable them to protect themselves against this new threat landscape. The direct consequence is the success of wholesale attacks against gaming platforms and gamers alike, which is costing manufacturers and consumers billions of dollars in losses every year.
In this post, I will briefly describe the changes that have overcome the gaming industry and the new threats that have been introduced as a result.
The evolution of gaming
In days of yore, games were distributed through brick-and-mortar sellers, generally sold at retail prices ranging between $30 and $80. At the time, the major threat to the business was the illegal distribution of games, which dealt considerable damage to the bottom line of game publishers. Developers would put considerable effort to prevent the illegal copying of their software, and would implement copy protection controls, activation codes and protection keys in order to make sure that players would obtain the game legitimately.
Naturally, scammers wouldn’t remain idle and would develop crack software and produce pirated versions of games which would be sold at low prices or distributed for free in black markets. In response, publishers would find ways to harden their code against reverse engineering and tampering by hackers.
And hackers would again find ways to neutralize those measures.
This endless battle that has been ongoing between game publishers and game crackers continues to this very day. With the advent of massively online games (the first I remember is Ultima Online) in the late 90’s and their propagation in the 2000’s, the gaming industry and its monetization model underwent a major shift. Instead of paying once and playing forever, gamers would obtain the game for free or at a low price (Ultima Online was an exception in this regard – sold at about $65), and would pay a monthly subscription fee for playing the game online.
Over time, other models became available as well, such as free-to-play games that make their money out of in-game advertisement, and the freemium model (an extension of the old shareware system), where base features are made available for free and interested users can pay to obtain the premium version and unlock the extra goodies.
One of the major changes was the use of micro-transactions and in-game purchases and trade. Games such as Farmville and Crossy Road have made a fortune out of this model. These types of games, which are usually offered for free, include a virtual currency system, where users can amass coins through gameplay in order to purchase upgrades and new in-game items. While virtual coin gathering has been present in games since the old days (Mario Bros and Sonic the Hedgehog, anyone?), the innovation that these games offer is that they allow the player to pay real cash in order to shortcut their way to the item of their choice.
The introduction of this model turned the in-game item trade into a full, booming business.
The changes and varieties that have overcome the gaming industry, the advent of mobile games, free-to-play games and in-game trade have been beneficial to both players and manufacturers. Today, more people are playing games than ever, more than 1.2 billion players, 700 million of which are playing online. The global worth of the industry is estimated at around $100 billion, more than the film industry.
But the smell of cash has also drawn in new players (both on the attacker and the victim side) into the gaming crime fray.
New threats against the gaming industry
There are many new ways cybercriminals can target the gaming industry, and piracy is becoming the least of the worries that publishers and developers have to deal with. What’s more, publishers are no longer the sole targets of cyberattacks – consumers are just as vulnerable. For one thing, online game distribution hubs are becoming very attractive targets for hackers. Platforms such as Steam, which has more than 125 million users, can become gem pots of financial data for hackers. In fact, a recent wave of malware attacks against Steam shows how lucrative the business of gaming cybercrime is becoming.
Aside from credit card and other sensitive financial data, malicious actors have other motives to hijack user accounts: the virtual assets that users purchase and attach to their gaming profiles. As gaming platforms allow the purchase and trade of in-game items, hackers are now motivated to hijack those accounts and quickly siphon the hundreds and thousands of dollars’ worth of items to other accounts, which will later be used to cash out the sums. According to Steam, stealing virtual goods has become a real business for skilled hackers.
The development and progress of gaming platforms also has another unintended byproduct: the apparition of online grey markets for virtual goods and currency. Before games allowed users to actually purchase in-game assets with real money, players started amassing them and selling them over online markets such as eBay or other dedicated websites, a process known as “gold farming.” As games started to roll out purchase capabilities, these grey markets became competitors and hackers started using other methods such as botnets to increase their production rates and maintain the competitive edge, drawing down market prices in the process.
The gaming industry is more vulnerable than other sectors
As the industry generates more revenue, fraudsters and hackers are becoming convinced to move away from other targets and direct their efforts toward gaming. According to a study by Panopticon Labs, a cybersecurity firm dedicated to online gaming, the reasons are twofold:
- Hackers have years of experience attacking other industries, and the experience, tools and techniques are directly applicable to breaking into games.
- The gaming industry is relatively new to the cybersecurity game and lacks the precautions, rules, regulations and standards that other sectors such as finance and health are applying.
The signs should serve as a warning that there needs to be a serious shift in the way the gaming industry is dealing with security issues. Vendors and developers, on their part, should start to give serious attention to fraud threats in gaming environments, create more secure games, roll out standard security patches and features such as multi-factor and risk based authentication, fraud detection, user data protection…
Gamers too should change their way of thinking. They should stop being solely focused on the fun of playing games and start taking their own security more seriously. A good start is security basics, simple steps and measures that every user should know and abide by. Also, they should stop seeing antivirus and security solutions as a nuisance that disrupts their gaming experience.
Hackers, cheaters and scammers won’t stop their cyberattacks unless you make them. Long story short, have your fun, but not at the expense of your security.